From 8be3d8e4d61f23ec8887ded1c41251e53c256526 Mon Sep 17 00:00:00 2001
From: Ricky Moorhouse <ricky@samespirit.net>
Date: Fri, 22 Jun 2018 11:55:53 +0100
Subject: [PATCH] Adding mTLS support for tests

https://github.com/rickymoorhouse/hem/issues/8
---
 README.md          |  1 +
 hemApp/__init__.py | 10 ++++++++--
 test_requires.txt  |  1 +
 tests/test_hem.py  | 10 ++++++++++
 4 files changed, 20 insertions(+), 2 deletions(-)

diff --git a/README.md b/README.md
index 9477c73..b5ec228 100644
--- a/README.md
+++ b/README.md
@@ -44,6 +44,7 @@ The config.yaml is made up of sections:
         path: Path to test
         secure: Is this using HTTPS?
         hosts: List of hosts to use 
+        certificate: Path to keypair to use for mTLS - must be un-encrypted
         discovery: discovery block for this test - merged with top level block 
 ```
 
diff --git a/hemApp/__init__.py b/hemApp/__init__.py
index 5211c4b..7f4e28a 100644
--- a/hemApp/__init__.py
+++ b/hemApp/__init__.py
@@ -74,6 +74,7 @@ class Check(object):
     headers = {}
     timeout = 10
     metrics = None
+    certificate = None
 
     def __init__(self, name, test, metrics=None):
         #path, secure=False, verify=True, metrics=None):
@@ -88,7 +89,10 @@ def __init__(self, name, test, metrics=None):
         self.method = test.get('method', "get")
         if 'headers' in test:
             self.headers = test['headers']
-        
+        if 'certificate' in test:
+            self.logger.info("Setting certificate to %s", test['certificate'])
+            self.certificate = test['certificate']
+
         self.metrics = metrics
 
     def test(self, param, results):
@@ -105,7 +109,9 @@ def test(self, param, results):
                 self.url.format(param), 
                 headers=self.headers,
                 timeout=self.timeout, 
-                verify=self.verify)
+                verify=self.verify,
+                cert=self.certificate
+                )
             self.logger.debug("Response text: %s", result.text)
             elapsed_time = result.elapsed
             result.raise_for_status()
diff --git a/test_requires.txt b/test_requires.txt
index 287ba44..329b808 100644
--- a/test_requires.txt
+++ b/test_requires.txt
@@ -10,6 +10,7 @@ pytest
 pytest-cov
 pytest-mock
 requests-mock
+coverage==4.0.3
 python-coveralls
 pykafka
 prometheus_client
diff --git a/tests/test_hem.py b/tests/test_hem.py
index 6097e4b..c914ebc 100644
--- a/tests/test_hem.py
+++ b/tests/test_hem.py
@@ -24,6 +24,16 @@ def test_check_invoke():
         assert results is not None
         assert response == 200
         assert type(timing) is datetime.timedelta
+def test_check_mtls_invoke():
+    with requests_mock.mock() as m:
+        m.get('https://1.1.1.1/', text="")
+        test = {'path':'/', 'secure':True, 'verify':True, 'certificate': 'certificate.pem'}
+        check = hemApp.Check('test', test)
+        results = check.test_list(["1.1.1.1"])
+        (response, timing) = results[0]
+        assert results is not None
+        assert response == 200
+        assert type(timing) is datetime.timedelta
 def test_ssl_error():
     with requests_mock.mock() as m:
         m.get('https://1.1.1.1/', exc=requests.exceptions.SSLError)